What’s New: IBM DevOps Deploy 2023.12 (8.0.0)

We are pleased to announce the release of IBM DevOps Deploy release version 2023.12 (8.0.0)!   IBM DevOps Automation 2023.12 was the first unified release of the new IBM DevOps Automation capabilities.   One key change for existing users of UrbanCode Deploy is the name change from IBM UrbanCode Deploy to IBM DevOps Deploy.  Further, the release versioning label is changing to reflect the unified DevOps Automation platform release (e.g. 2023.12).

Important Note:  For customers using MySQL as their backend database.   This new release requires MySQL 8.0 and older versions like MySQL 5.7 are no longer supported.   Please upgrade your database to MySQL 8.0 prior to performing the upgrade to this latest release otherwise some of the DDL update scripts will fail to execute.

The release notes and all the user documentation can be found here:  https://ibm.biz/BdvzET

Key Features and Enhancements in 2013.12 (8.0.0)

This version is a major release and includes fixes for various bugs and security-related issues.  This release is appropriate for all customers.

 Rebranding and Renaming

The IBM UrbanCode Deploy product has been renamed to DevOps Deploy to fit a new naming standard to be leverage for all IBM DevOps tooling.

NOTE: plugins have not been updated and they retain their existing names.

New System Cleanup Override Permissions

Cleanup settings for Components, Environments and Environment Templates are set at a system level, however, this can be overridden by users with permissions to edit the object.  This can create an issue for administrators as users may not know the correct values or may neglect to update them.

As a result, we added a new role level permission for each of these three objects: “Manage Environment Cleanup, Manage Component Cleanup, and Manage Environment Template Cleanup”

·       This permission will be granted to users that currently have permission to override the cleanup settings.

·       These three objects are ones where cleanup settings could be overridden.   For instance, Component Templates already have cleanup settings on them.

Environment:

Component:

Environment Template:

NOTE: the Cleanup Configuration page will show uses where components and environments have non-default values for cleanup settings.

YAML-based Import/Export for Applications, Components, and Resource Tree Configuration

We added the ability to use YAML as an input and output format for all endpoints in the server that use or return JSON.

This is controlled with HTTP headers:

·       When saving objects (e.g. PUTs/POSTs), you must specify the content type “Content-Type: application/yaml”

·       When getting objects (e.g GET) you must specify the accept header “Accept: application/yaml"

See How-to: Export and import elements with YAML confiugration for more information.

Updated key length from AES128 to AES256 for encryption.keystore

The default property encryption level is raised to AES-256.  The new key is created on upgrade and will be used by default.   At the time of installation and upgrade, the new keys are generated as AES-256 and set to default.  The existing values are not updated during the upgrade.

Customers can use keyrotate to re-encrypt the values using the new key.   The key rotation scripts are in the bin directory of the server.

NOTE: we enabled AES-256 support for plug-in input and output properties.

PKCE-Based OIDC Authorization Code Flow

We added supported for Open ID Connect (OIDC) authorization that uses Proof Key for Code Exchange (PKCE).  Enhanced security of the OIDC authentication by allowing the OIDC Provider to match the authentication request to the token ID request.

There is no UI change as part of this.   If the Identity Provider requires the proof key, it will be supplied.   Providers that ignore it will not have any issue

Argo CD Integration with new Argo CD Automation Plugin

We added a new Argo CD automation plugin that clients can leverage alongside DevOps Deploy to control the sync of container updates in a controlled manner.   Leveraging this new plugin, you can easily wire in integrations with testing tools and container scanning and other governance features you utilize today in DevOps Deploy.   It is a winning combination for our clients.

See this blog series for detailed information for this integration:  https://community.ibm.com/community/user/wasdevops/blogs/randy-langehennig1/2023/12/19/gitops-with-devops-deploy-and-argo-cd-part-1

API to Return Deployment Results based on date that deployment processes execute

We added an additional option to the getApplicationsProcessRequests CLI command to filter the results that comes back to a specified deployment execution date.  

See Get information about all application process request on the server for more information.

 New API to get Agent Status using locked/agent.id value in installed.properties

All agent APIs functions were extended to accept lookup by agent's endpoint ID where the agent name and ID are accepted.   Agent endpoint ID is the locked/agent.id value in the agent's installed.properties file.

See Agent IDs for more information.

Summary of What’s New in 8.0.0

•       New features (RFEs)

−       DEPLOY-14239 System cleanup override permissions

−       DEPLOY-14893 Re-branding and Renaming – DevOps Deploy

−       DEPLOY-14737 AES256 encryption key for encryption.keystore

−       DEPLOY-14805 PKCE-Based OIDC Authorization Code Flow

•       New and QoL Features

−       DEPLOY-14607 Add API to get agent status using locked/agent.id value in installed.properties

−       DEPLOY-14763 API to return deployment results based on date deployment processes execute

−       DEPLOY-14239 System cleanup override permissions

Download

The upgrades can be downloaded from IBM Fix Central Downloads.  Please feel free to enter a ticket to notify our support team of your upgrading timing and any questions you may have.  We would be pleased to support this transition!